From 7977647055c4819a8c06996ed7ac426b5dc873bb Mon Sep 17 00:00:00 2001 From: Amir Alavi Date: Tue, 11 Oct 2022 22:24:31 -0400 Subject: [PATCH] cli option to enable uid impersonation --- pkg/kn/commands/types.go | 5 ++++- pkg/kn/commands/types_test.go | 26 +++++++++++++++++++++++++- pkg/kn/root/root.go | 1 + pkg/kn/root/root_test.go | 1 + 4 files changed, 31 insertions(+), 2 deletions(-) diff --git a/pkg/kn/commands/types.go b/pkg/kn/commands/types.go index 37e010b648..64e448ee2a 100644 --- a/pkg/kn/commands/types.go +++ b/pkg/kn/commands/types.go @@ -17,7 +17,6 @@ package commands import ( "fmt" "io" - "os" "path/filepath" @@ -52,6 +51,7 @@ type KnParams struct { KubeContext string KubeCluster string KubeAsUser string + KubeAsUID string KubeAsGroup []string ClientConfig clientcmd.ClientConfig NewServingClient func(namespace string) (clientservingv1.KnServingClient, error) @@ -239,6 +239,9 @@ func (params *KnParams) GetClientConfig() (clientcmd.ClientConfig, error) { if params.KubeAsUser != "" { configOverrides.AuthInfo.Impersonate = params.KubeAsUser } + if params.KubeAsUID != "" { + configOverrides.AuthInfo.ImpersonateUID = params.KubeAsUID + } if len(params.KubeAsGroup) > 0 { configOverrides.AuthInfo.ImpersonateGroups = params.KubeAsGroup } diff --git a/pkg/kn/commands/types_test.go b/pkg/kn/commands/types_test.go index bdd895a53e..5c527b7de6 100644 --- a/pkg/kn/commands/types_test.go +++ b/pkg/kn/commands/types_test.go @@ -113,6 +113,7 @@ type typeTestCase struct { kubeCfgPath string kubeContext string kubeAsUser string + kubeAsUID string kubeAsGroup []string kubeCluster string explicitPath string @@ -132,6 +133,7 @@ func TestGetClientConfig(t *testing.T) { "", "", "", + "", []string{}, "", clientcmd.NewDefaultClientConfigLoadingRules().ExplicitPath, @@ -141,6 +143,7 @@ func TestGetClientConfig(t *testing.T) { tempFile, "", "", + "", []string{}, "", tempFile, @@ -150,6 +153,7 @@ func TestGetClientConfig(t *testing.T) { "/testing/assets/kube-config-01.yml", "foo", "", + "", []string{}, "bar", "", @@ -159,6 +163,7 @@ func TestGetClientConfig(t *testing.T) { multiConfigs, "", "", + "", []string{}, "", "", @@ -168,7 +173,8 @@ func TestGetClientConfig(t *testing.T) { tempFile, "", "admin", - []string{"system:masters"}, + "", + []string{}, "", tempFile, "", @@ -177,16 +183,28 @@ func TestGetClientConfig(t *testing.T) { tempFile, "", "admin", + "", []string{"system:authenticated", "system:masters"}, "", tempFile, "", }, + { + tempFile, + "", + "admin", + "abc123", + []string{}, + "", + tempFile, + "", + }, } { p := &KnParams{ KubeCfgPath: tc.kubeCfgPath, KubeContext: tc.kubeContext, KubeAsUser: tc.kubeAsUser, + KubeAsUID: tc.kubeAsUID, KubeAsGroup: tc.kubeAsGroup, KubeCluster: tc.kubeCluster, } @@ -215,6 +233,12 @@ func TestGetClientConfig(t *testing.T) { assert.Assert(t, config.Impersonate.UserName == tc.kubeAsUser) } + if tc.kubeAsUID != "" { + config, err := clientConfig.ClientConfig() + assert.NilError(t, err) + assert.Assert(t, config.Impersonate.UID == tc.kubeAsUID) + } + if len(tc.kubeAsGroup) > 0 { config, err := clientConfig.ClientConfig() assert.NilError(t, err) diff --git a/pkg/kn/root/root.go b/pkg/kn/root/root.go index 3a9a6a93d5..51ee473fc8 100644 --- a/pkg/kn/root/root.go +++ b/pkg/kn/root/root.go @@ -87,6 +87,7 @@ Find more information about Knative at: https://knative.dev`, rootName), rootCmd.PersistentFlags().StringVar(&p.KubeContext, "context", "", "name of the kubeconfig context to use") rootCmd.PersistentFlags().StringVar(&p.KubeCluster, "cluster", "", "name of the kubeconfig cluster to use") rootCmd.PersistentFlags().StringVar(&p.KubeAsUser, "as", "", "username to impersonate for the operation") + rootCmd.PersistentFlags().StringVar(&p.KubeAsUID, "as-uid", "", "uid to impersonate for the operation") rootCmd.PersistentFlags().StringArrayVar(&p.KubeAsGroup, "as-group", []string{}, "group to impersonate for the operation, this flag can be repeated to specify multiple groups") flags.AddBothBoolFlags(rootCmd.PersistentFlags(), &p.LogHTTP, "log-http", "", false, "log http traffic") diff --git a/pkg/kn/root/root_test.go b/pkg/kn/root/root_test.go index f4b087c329..52cc4f3a83 100644 --- a/pkg/kn/root/root_test.go +++ b/pkg/kn/root/root_test.go @@ -49,6 +49,7 @@ func TestNewRootCommand(t *testing.T) { assert.Assert(t, rootCmd.PersistentFlags().Lookup("context") != nil) assert.Assert(t, rootCmd.PersistentFlags().Lookup("cluster") != nil) assert.Assert(t, rootCmd.PersistentFlags().Lookup("as") != nil) + assert.Assert(t, rootCmd.PersistentFlags().Lookup("as-uid") != nil) assert.Assert(t, rootCmd.PersistentFlags().Lookup("as-group") != nil) assert.Assert(t, rootCmd.RunE == nil)